LeakIX - Host api.sheen.af

Domain api.sheen.af

United States

AMAZON-02

Software information

Vercel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 64.29.17.65
Domain: api.sheen.af
Port: 443
URL: https://api.sheen.af

First seen 2025-12-06 08:38
Last seen 2026-01-09 22:09
Open for 34 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 22:09
Create report

Open service 64.29.17.65:443 · api.sheen.af

2026-01-09 22:09

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 245
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 22:09:26 GMT
Etag: W/"f5-XPKdL3ntmek69o6L47P+tf4atq4"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::nfv48-1767996566228-03ab56975be4
X-Xss-Protection: 0
Connection: close


{"success":true,"message":"Welcome to Afghanistan Delivery Platform API","version":"1.0.0","documentation":"/api-docs","endpoints":{"stores":"/api/v1/stores","admin":"/api/v1/admin","deliveries":"/api/v1/deliveries","drivers":"/api/v1/drivers"}}

Found 2026-01-09 by HttpPlugin

Create report

Open service 64.29.17.65:443 · api.sheen.af

2026-01-02 16:05

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 245
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 16:05:31 GMT
Etag: W/"f5-XPKdL3ntmek69o6L47P+tf4atq4"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: lhr1::iad1::cv296-1767369930285-717bd6ea90f9
X-Xss-Protection: 0
Connection: close


{"success":true,"message":"Welcome to Afghanistan Delivery Platform API","version":"1.0.0","documentation":"/api-docs","endpoints":{"stores":"/api/v1/stores","admin":"/api/v1/admin","deliveries":"/api/v1/deliveries","drivers":"/api/v1/drivers"}}

Found 2026-01-02 by HttpPlugin

Create report

Open service 64.29.17.65:443 · api.sheen.af

2025-12-23 05:23

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 245
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 23 Dec 2025 05:23:17 GMT
Etag: W/"f5-XPKdL3ntmek69o6L47P+tf4atq4"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::gl6bm-1766467395960-20f1f560ae70
X-Xss-Protection: 0
Connection: close


{"success":true,"message":"Welcome to Afghanistan Delivery Platform API","version":"1.0.0","documentation":"/api-docs","endpoints":{"stores":"/api/v1/stores","admin":"/api/v1/admin","deliveries":"/api/v1/deliveries","drivers":"/api/v1/drivers"}}

Found 2025-12-23 by HttpPlugin

Create report

Open service 64.29.17.65:443 · api.sheen.af

2025-12-20 15:24

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 245
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 15:24:58 GMT
Etag: W/"f5-XPKdL3ntmek69o6L47P+tf4atq4"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::vr5cm-1766244296779-7a7661335f4f
X-Xss-Protection: 0
Connection: close


{"success":true,"message":"Welcome to Afghanistan Delivery Platform API","version":"1.0.0","documentation":"/api-docs","endpoints":{"stores":"/api/v1/stores","admin":"/api/v1/admin","deliveries":"/api/v1/deliveries","drivers":"/api/v1/drivers"}}

Found 2025-12-20 by HttpPlugin

Create report

api.sheen.af

Fingerprint:

d103035bb095a1d66d026683feb753695cea7708cc8634059122dce5718e175a

CN:

api.sheen.af

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-06 07:40

Not after:

2026-03-06 07:40

Domain summary

api.sheen.af 4

1 recorded

IP summary

64.29.17.65 2

1 recorded

Domain api.sheen.af

United States

Software information

Swagger API description is publicly available

Create report

Create report

Create report

Create report

api.sheen.af

Domain summary

IP summary